CVE-2018-20573

Published: 28 Dec 2018
Source: redhat
CVSS3: 3.7

Description

The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

Report

This issue affects the versions of rh-mongodb32-yaml-cpp, rh-mongodb34-yaml-cpp, and rh-mongodb36-yaml-cpp as shipped with Red Hat Software Collections. However, this is only used to parse configuration files. Red Hat Satellite 6.5 ships yaml-cpp; however, this has been rated as having a security impact of Low, and product versions from Satellite 6.6 onward are not affected. Satellite 6.5 is in the Maintenance Support phase of the product life cycle and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 6 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenStack Platform 10 (Newton) | yaml-cpp | Fix deferred | | |
| Red Hat OpenStack Platform 13 (Queens) | yaml-cpp | Fix deferred | | |
| Red Hat OpenStack Platform 14 (Rocky) | yaml-cpp | Affected | | |
| Red Hat OpenStack Platform 8 (Liberty) | yaml-cpp | Fix deferred | | |
| Red Hat OpenStack Platform 9 (Mitaka) | yaml-cpp | Fix deferred | | |
| Red Hat Satellite 6 | yaml-cpp | Will not fix | | |
| Red Hat Software Collections | rh-mongodb32-yaml-cpp | Will not fix | | |
| Red Hat Software Collections | rh-mongodb34-yaml-cpp | Will not fix | | |
| Red Hat Software Collections | rh-mongodb36-yaml-cpp | Will not fix | | |

Additional information

Status: Low
Defect: CWE-400
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1665567 (yaml-cpp: DoS in Scanner::EnsureTokensInQueue function in yaml-cpp)

CVSS3: 3.7 Low

Related vulnerabilities

CVSS3: 6.5
ubuntu
about 7 years ago

The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

CVSS3: 6.5
nvd
about 7 years ago

The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

CVSS3: 6.5
msrc
more than 5 years ago

The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

CVSS3: 6.5
debian
about 7 years ago

The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++ ...

CVSS3: 6.5
github
more than 3 years ago

The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
